J'ai chopé Look2me, help !

J'ai chopé Look2me, help ! - Sécurité - Windows & Software

Marsh Posté le 16-05-2006 à 22:08:03    

Salut à tous,
d'après ce que j'ai lu, je crois que j'ai chopé ce qu'on appelle une belle m..., effectivement ni S&D, ni adawre, smitfraud et consors n'arrivent à en venir au bout.
J'ai voulu essayer L2Mremover mais il bug à l'install (lien ?).
 
Bref je sais plus trop quoi faire donc HELP !...
 
Merci d'avance.

Reply

Marsh Posté le 16-05-2006 à 22:08:03   

Reply

Marsh Posté le 16-05-2006 à 23:25:54    

Salut à toi,  
   
1-2-3) Télécharge Testor -> http://www.lutile.be/testor.zip  
   
4) Choisis "Enregistrer" et mets-le à un endroit où tu vas le retrouver  
   
5) Clique-droit sur "Testor.zip", puis sur "Extraire tout" (Si Winzip ou Winrar est installé sur ton ordi, ça peut être "Extract To Folder" ou "Décompresser vers le dossier..." )  
   
6) Ouvre le dossier décompressé et double-clique sur "Lisez-moi.txt"  
   
7) Ferme "Lisez-moi" après l'avoir lu et double-clique sur "Testor.bat"  
   
8) Clique sur "Exécuter" --> Une fenêtre noire s'ouvre  
   
9) Appuie sur "Enter" et tape ton prénom, puis "Enter"  
   
10) Sauvegarde de la base des registres, accepte (ça prend quelques secondes...)  
   
11) Continue (il enregistre tes paramètres dans le dossier "r4c10" )  
   
12) Accepte l'optimisation  
   
13) Accélérer XP --> Appuie sur "O"  
   
14) Supprimer les BHO --> "N"  
   
15) Réparer un desktop Hijacking --> "N"  
   
16) Désinfecter Winlogon --> "O"  (si tu es certain qu'aucun pilote / logiciel valide n'est configuré dans cette clef et que tu es bien infecté par Look2Me)
   
17) Réparer le fichier "Host" --> "O"  
   
18) Supprimer CWS --> "O"  
   
19) ... mise à jour --> "N"  
   
20) ... centre de sécurité --> "N"        
   
21) Processus invisibles avec HijackThis ? --> "O"  
   
22) Télécharger la dernière version d'HijackThis --> "O"  
-------- Choisis "Enregistrer" et mets-le à un endroit où tu vas le retrouver  
   
23) Télécharger AVG --> "N"  
   
24) Cleanup --> "O"  
   
25) Choisis "Enregistrer" et mets-le à un endroit où tu vas le retrouver  
   
26) Enregistrement des paramètres du réseau, accepte  
   
27) Chargeur de démarrage, idem  
   
28) Sauvegarder les exe du system --> "O" et ça défile !  
   
29) Suppression de l'espion : Ok  
 
30) Désinstaller Windows Messenger --> "N"  
   
30) Nettoyage du dossier Prefetch : Ok  
   
31) Services démarrés : Ok  
   
32) Désactivation de l'indexation : Ok  
   
33) Fermer toutes les fenêtres  
   
34) Lance HijackThis et choisis "Do A System Scan And Save A Log File"
 
35) Poste ici le log...


Message édité par wawaseb le 16-05-2006 à 23:26:22
Reply

Marsh Posté le 16-05-2006 à 23:52:13    

Ouf ç'est une manip' marathon ta méthode mais merci je vais essayer. Par contre comment savoir si un pilote est logé dans wingolon (kesako?) ??

Reply

Marsh Posté le 17-05-2006 à 03:58:23    


Voila J'ai fait la manip et voila mon log hijackthis:
 
Logfile of HijackThis v1.99.1
Scan saved at 01:05:32, on 17/05/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\SEB\Logiciels et programmes\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\irn4l55q1.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe


Message édité par ptitbagz le 17-05-2006 à 03:59:15
Reply

Marsh Posté le 17-05-2006 à 06:59:58    

Tu es bien infecté par Look2Me et aucun pilote ne se trouve dans ton Winlogon....
 
Relance HijackThis et fixe cette ligne :
 
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe  
 
 
Relance Testor, refuse tout sauf la désinfection du Winlogon !
 
Redémarre et poste un nouveau log...

Reply

Marsh Posté le 17-05-2006 à 15:01:58    

Voici le nouveau log:
 
Logfile of HijackThis v1.99.1
Scan saved at 14:51:37, on 17/05/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\SEB\Logiciels et programmes\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Explorer - C:\WINDOWS\
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\kt26l7fs1.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
 
Apparemment + de winlogon malgré ses tentatives continues et acharnées de se remettre dans la base de registre...

Reply

Marsh Posté le 17-05-2006 à 15:11:33    

Non, il est toujours là...
 
1) Désactive la restauration du système
2) Relance Testor, refuse tout sauf la désinfection du Winlogon
3) Relance HijackThis et supprime TOUT ce qui se trouve en "020"
3) Installe et exécute Cleanup
4) Redémarre et poste un nouveau log HijackThis

Reply

Marsh Posté le 17-05-2006 à 19:47:05    

Effectivement, et il a pas bougé:
 
Logfile of HijackThis v1.99.1
Scan saved at 19:46:14, on 17/05/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\SEB\Logiciels et programmes\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.142 86.64.145.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.142 86.64.145.142
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\
O20 - Winlogon Notify: Explorer - C:\WINDOWS\
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\q2rqlc951f.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
 

Reply

Marsh Posté le 17-05-2006 à 20:00:16    

Re-salut...
 
Bon... nous allons en finir :
 
Télécharge CE fix : http://www.lutile.be/l2mfix.exe
 
Redémarre en mode sans échec, décompresse l'archive dans un dossier dédié, lance le fix (exe), choisis l'option 1, poste-là sur le forum (après le nettoyage), sélectionne directement après l'option 2.
 
Redémarre et poste un nouveau log HijackThis...
 
Ce coup-ci, tu seras tiré d'affaire...
 
Bien à toi,

Reply

Marsh Posté le 17-05-2006 à 20:37:40    

log L2MFIX:
 
 
L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n6n60g5se6.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AF776177-9896-F86E-6829-70EE6D849068}"=""
 
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9"
"{40ED0C14-7173-46F9-BA5F-75F86E4347B5}"=""
"{6F5CE0A5-FC8C-4E41-A0C0-DED0170CB4DD}"=""
"{EF6F9335-9CAF-4B9C-89DD-CFCCC4EDB82F}"=""
"{5921CA39-D422-4A2D-B53C-B31EF5A4D629}"=""
"{308914D3-CD23-4756-89BA-F66D4ECFA8D4}"=""
"{C021D310-17B5-40AB-A689-1D8199799D7A}"=""
"{3A737A6C-F959-4D8F-BB4F-9CE55C4D60AF}"=""
"{0B8DAE7D-1449-4D8F-B5A9-6B1FE9B0DDAA}"=""
"{3C1B1DE9-81CD-4172-869F-D7B6B887B2FE}"=""
"{5A315C6E-142C-4286-B000-AD305024E3D8}"=""
"{2F5C7C75-CBE2-4B87-B759-3AE4CD9D1CCE}"=""
"{DCA5442D-08BF-4B1C-8322-8BBD9E725F1E}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B859E3F1-2635-4EAE-B6EC-67DF68834BDF}"=""
"{8B409043-6D7B-4913-BCCA-C8FC69661BCA}"=""
"{F30EA55E-5BCF-4961-9DB7-618D45B3EFEB}"=""
"{2A622A7F-9CCB-4E0F-B09E-92E6714DF392}"=""
"{48D45CF4-1976-4DCF-84F5-43AAA5FA1650}"=""
"{A5633E34-9E9C-414E-8486-6866DFBA5745}"=""
"{0FCD1E36-5389-4CB2-8547-53BB8EA7D5C5}"=""
"{15E3ECB9-B9EE-4FBF-8DFF-0D4FF465A490}"=""
"{CE2CDAE0-F366-4D93-99D7-197ABF099665}"=""
"{3857B3E1-99C6-4C1A-BD14-3BDE16906738}"=""
"{4AFFC771-A279-41E2-A046-EE20204369AF}"=""
"{3FB7FA9A-69B2-455C-9526-571B769F0125}"=""
"{1D42E081-68F1-4C85-8DF4-2CA0D9E9FA56}"=""
"{156B337D-AA28-4D21-BE5C-5DA98756E36D}"=""
"{B5962026-2F36-4708-A91F-7BF8AA7EBD14}"=""
"{A6327A16-78ED-486E-A698-B16C4FDCA363}"=""
"{338D4975-EC16-4B5E-B1A9-7E2D08FD2CEC}"=""
"{C9E6703C-AFE6-41D2-9F39-3975372448E4}"=""
"{EE81E5F8-5D4C-4534-B3CF-3D0A2B698367}"=""
"{A3941807-86EE-43F4-A759-A064DE9C1387}"=""
"{2A572CDA-2489-454C-A581-D0F5B9F9C292}"=""
"{BD014AE9-79A8-4D68-B635-9642433DAA31}"=""
"{71B1C00B-8C20-4AC5-9813-B0B293ACA2D9}"=""
"{0706798C-9923-47A6-8FAD-954F81864803}"=""
"{9FB1347A-0D64-465A-B5C8-527534259B71}"=""
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{60E4AA9A-735D-43A6-A539-AE5DC8AB3621}"=""
"{DB66F3A4-FF74-4177-833D-1FA3806F5789}"=""
"{8CF0CF58-DECD-47DC-9741-ED1721E89E1C}"=""
"{C9110B1B-E66A-481D-8EF4-4358F97E94BD}"=""
"{19496AC6-EF89-42C7-9BCC-2FE5EB238EE5}"=""
"{52DD4204-6651-4C74-956A-771D8D13CE7F}"=""
"{1F36DD07-0080-4B0D-914D-C5E2F5667109}"=""
"{1335A957-D769-4522-9C96-0B24AA124E0C}"=""
"{E5B8255F-5E78-44A0-857F-CBA835275804}"=""
 
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{40ED0C14-7173-46F9-BA5F-75F86E4347B5}]
@=""
"IDEx"="ADDR"
 
[HKEY_CLASSES_ROOT\CLSID\{40ED0C14-7173-46F9-BA5F-75F86E4347B5}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{40ED0C14-7173-46F9-BA5F-75F86E4347B5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{40ED0C14-7173-46F9-BA5F-75F86E4347B5}\InprocServer32]
@="C:\\WINDOWS\\system32\\sclwapi.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{6F5CE0A5-FC8C-4E41-A0C0-DED0170CB4DD}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{6F5CE0A5-FC8C-4E41-A0C0-DED0170CB4DD}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{6F5CE0A5-FC8C-4E41-A0C0-DED0170CB4DD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{6F5CE0A5-FC8C-4E41-A0C0-DED0170CB4DD}\InprocServer32]
@="C:\\WINDOWS\\system32\\escapi.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{EF6F9335-9CAF-4B9C-89DD-CFCCC4EDB82F}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{EF6F9335-9CAF-4B9C-89DD-CFCCC4EDB82F}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{EF6F9335-9CAF-4B9C-89DD-CFCCC4EDB82F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{EF6F9335-9CAF-4B9C-89DD-CFCCC4EDB82F}\InprocServer32]
@="C:\\WINDOWS\\system32\\acstream.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{5921CA39-D422-4A2D-B53C-B31EF5A4D629}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{5921CA39-D422-4A2D-B53C-B31EF5A4D629}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{5921CA39-D422-4A2D-B53C-B31EF5A4D629}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{5921CA39-D422-4A2D-B53C-B31EF5A4D629}\InprocServer32]
@="C:\\WINDOWS\\system32\\iGssdo.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{308914D3-CD23-4756-89BA-F66D4ECFA8D4}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{308914D3-CD23-4756-89BA-F66D4ECFA8D4}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{308914D3-CD23-4756-89BA-F66D4ECFA8D4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{308914D3-CD23-4756-89BA-F66D4ECFA8D4}\InprocServer32]
@="C:\\WINDOWS\\system32\\mdnsspc.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{C021D310-17B5-40AB-A689-1D8199799D7A}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{C021D310-17B5-40AB-A689-1D8199799D7A}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{C021D310-17B5-40AB-A689-1D8199799D7A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{C021D310-17B5-40AB-A689-1D8199799D7A}\InprocServer32]
@="C:\\WINDOWS\\system32\\xXctsrv.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{3A737A6C-F959-4D8F-BB4F-9CE55C4D60AF}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3A737A6C-F959-4D8F-BB4F-9CE55C4D60AF}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3A737A6C-F959-4D8F-BB4F-9CE55C4D60AF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3A737A6C-F959-4D8F-BB4F-9CE55C4D60AF}\InprocServer32]
@="C:\\WINDOWS\\system32\\czfgnt.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{0B8DAE7D-1449-4D8F-B5A9-6B1FE9B0DDAA}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{0B8DAE7D-1449-4D8F-B5A9-6B1FE9B0DDAA}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{0B8DAE7D-1449-4D8F-B5A9-6B1FE9B0DDAA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{0B8DAE7D-1449-4D8F-B5A9-6B1FE9B0DDAA}\InprocServer32]
@="C:\\WINDOWS\\system32\\mpi.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{3C1B1DE9-81CD-4172-869F-D7B6B887B2FE}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3C1B1DE9-81CD-4172-869F-D7B6B887B2FE}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3C1B1DE9-81CD-4172-869F-D7B6B887B2FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3C1B1DE9-81CD-4172-869F-D7B6B887B2FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\khdlv1.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{5A315C6E-142C-4286-B000-AD305024E3D8}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{5A315C6E-142C-4286-B000-AD305024E3D8}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{5A315C6E-142C-4286-B000-AD305024E3D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{5A315C6E-142C-4286-B000-AD305024E3D8}\InprocServer32]
@="C:\\WINDOWS\\system32\\imxwan.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{2F5C7C75-CBE2-4B87-B759-3AE4CD9D1CCE}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{2F5C7C75-CBE2-4B87-B759-3AE4CD9D1CCE}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{2F5C7C75-CBE2-4B87-B759-3AE4CD9D1CCE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{2F5C7C75-CBE2-4B87-B759-3AE4CD9D1CCE}\InprocServer32]
@="C:\\WINDOWS\\system32\\aoctres.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{DCA5442D-08BF-4B1C-8322-8BBD9E725F1E}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DCA5442D-08BF-4B1C-8322-8BBD9E725F1E}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DCA5442D-08BF-4B1C-8322-8BBD9E725F1E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DCA5442D-08BF-4B1C-8322-8BBD9E725F1E}\InprocServer32]
@="C:\\WINDOWS\\system32\\dSd8.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{B859E3F1-2635-4EAE-B6EC-67DF68834BDF}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{B859E3F1-2635-4EAE-B6EC-67DF68834BDF}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{B859E3F1-2635-4EAE-B6EC-67DF68834BDF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{B859E3F1-2635-4EAE-B6EC-67DF68834BDF}\InprocServer32]
@="C:\\WINDOWS\\system32\\twkwks.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{8B409043-6D7B-4913-BCCA-C8FC69661BCA}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{8B409043-6D7B-4913-BCCA-C8FC69661BCA}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{8B409043-6D7B-4913-BCCA-C8FC69661BCA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{8B409043-6D7B-4913-BCCA-C8FC69661BCA}\InprocServer32]
@="C:\\WINDOWS\\system32\\izetcomm.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{F30EA55E-5BCF-4961-9DB7-618D45B3EFEB}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{F30EA55E-5BCF-4961-9DB7-618D45B3EFEB}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{F30EA55E-5BCF-4961-9DB7-618D45B3EFEB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{F30EA55E-5BCF-4961-9DB7-618D45B3EFEB}\InprocServer32]
@="C:\\WINDOWS\\system32\\inlogmsg.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{2A622A7F-9CCB-4E0F-B09E-92E6714DF392}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{2A622A7F-9CCB-4E0F-B09E-92E6714DF392}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{2A622A7F-9CCB-4E0F-B09E-92E6714DF392}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{2A622A7F-9CCB-4E0F-B09E-92E6714DF392}\InprocServer32]
@="C:\\WINDOWS\\system32\\dgsshlex.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{48D45CF4-1976-4DCF-84F5-43AAA5FA1650}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{48D45CF4-1976-4DCF-84F5-43AAA5FA1650}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{48D45CF4-1976-4DCF-84F5-43AAA5FA1650}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{48D45CF4-1976-4DCF-84F5-43AAA5FA1650}\InprocServer32]
@="C:\\WINDOWS\\system32\\mniseq.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{A5633E34-9E9C-414E-8486-6866DFBA5745}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{A5633E34-9E9C-414E-8486-6866DFBA5745}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{A5633E34-9E9C-414E-8486-6866DFBA5745}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{A5633E34-9E9C-414E-8486-6866DFBA5745}\InprocServer32]
@="C:\\WINDOWS\\system32\\wdaueng1.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{0FCD1E36-5389-4CB2-8547-53BB8EA7D5C5}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{0FCD1E36-5389-4CB2-8547-53BB8EA7D5C5}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{0FCD1E36-5389-4CB2-8547-53BB8EA7D5C5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{0FCD1E36-5389-4CB2-8547-53BB8EA7D5C5}\InprocServer32]
@="C:\\WINDOWS\\system32\\wcsdmoe2.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{15E3ECB9-B9EE-4FBF-8DFF-0D4FF465A490}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{15E3ECB9-B9EE-4FBF-8DFF-0D4FF465A490}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{15E3ECB9-B9EE-4FBF-8DFF-0D4FF465A490}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{15E3ECB9-B9EE-4FBF-8DFF-0D4FF465A490}\InprocServer32]
@="C:\\WINDOWS\\system32\\ngwrsfr.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{CE2CDAE0-F366-4D93-99D7-197ABF099665}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{CE2CDAE0-F366-4D93-99D7-197ABF099665}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{CE2CDAE0-F366-4D93-99D7-197ABF099665}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{CE2CDAE0-F366-4D93-99D7-197ABF099665}\InprocServer32]
@="C:\\WINDOWS\\system32\\nzwdev.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{3857B3E1-99C6-4C1A-BD14-3BDE16906738}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3857B3E1-99C6-4C1A-BD14-3BDE16906738}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3857B3E1-99C6-4C1A-BD14-3BDE16906738}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3857B3E1-99C6-4C1A-BD14-3BDE16906738}\InprocServer32]
@="C:\\WINDOWS\\system32\\whpasf.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{4AFFC771-A279-41E2-A046-EE20204369AF}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{4AFFC771-A279-41E2-A046-EE20204369AF}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{4AFFC771-A279-41E2-A046-EE20204369AF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{4AFFC771-A279-41E2-A046-EE20204369AF}\InprocServer32]
@="C:\\WINDOWS\\system32\\UML.DLL"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{3FB7FA9A-69B2-455C-9526-571B769F0125}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3FB7FA9A-69B2-455C-9526-571B769F0125}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3FB7FA9A-69B2-455C-9526-571B769F0125}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{3FB7FA9A-69B2-455C-9526-571B769F0125}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjcpx32r.dLL"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1D42E081-68F1-4C85-8DF4-2CA0D9E9FA56}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1D42E081-68F1-4C85-8DF4-2CA0D9E9FA56}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1D42E081-68F1-4C85-8DF4-2CA0D9E9FA56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1D42E081-68F1-4C85-8DF4-2CA0D9E9FA56}\InprocServer32]
@="C:\\WINDOWS\\system32\\wlstream.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{156B337D-AA28-4D21-BE5C-5DA98756E36D}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{156B337D-AA28-4D21-BE5C-5DA98756E36D}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{156B337D-AA28-4D21-BE5C-5DA98756E36D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{156B337D-AA28-4D21-BE5C-5DA98756E36D}\InprocServer32]
@="C:\\WINDOWS\\system32\\krdfo.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{B5962026-2F36-4708-A91F-7BF8AA7EBD14}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{B5962026-2F36-4708-A91F-7BF8AA7EBD14}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{B5962026-2F36-4708-A91F-7BF8AA7EBD14}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{B5962026-2F36-4708-A91F-7BF8AA7EBD14}\InprocServer32]
@="C:\\WINDOWS\\system32\\qqdwipes.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{A6327A16-78ED-486E-A698-B16C4FDCA363}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{A6327A16-78ED-486E-A698-B16C4FDCA363}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{A6327A16-78ED-486E-A698-B16C4FDCA363}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{A6327A16-78ED-486E-A698-B16C4FDCA363}\InprocServer32]
@="C:\\WINDOWS\\system32\\rrcrt4.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{338D4975-EC16-4B5E-B1A9-7E2D08FD2CEC}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{338D4975-EC16-4B5E-B1A9-7E2D08FD2CEC}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{338D4975-EC16-4B5E-B1A9-7E2D08FD2CEC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{338D4975-EC16-4B5E-B1A9-7E2D08FD2CEC}\InprocServer32]
@="C:\\WINDOWS\\system32\\iCsacct.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{C9E6703C-AFE6-41D2-9F39-3975372448E4}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{C9E6703C-AFE6-41D2-9F39-3975372448E4}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{C9E6703C-AFE6-41D2-9F39-3975372448E4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{C9E6703C-AFE6-41D2-9F39-3975372448E4}\InprocServer32]
@="C:\\WINDOWS\\system32\\ilaapi.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{EE81E5F8-5D4C-4534-B3CF-3D0A2B698367}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{EE81E5F8-5D4C-4534-B3CF-3D0A2B698367}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{EE81E5F8-5D4C-4534-B3CF-3D0A2B698367}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{EE81E5F8-5D4C-4534-B3CF-3D0A2B698367}\InprocServer32]
@="C:\\WINDOWS\\system32\\asvapi32.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{A3941807-86EE-43F4-A759-A064DE9C1387}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{A3941807-86EE-43F4-A759-A064DE9C1387}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{A3941807-86EE-43F4-A759-A064DE9C1387}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{A3941807-86EE-43F4-A759-A064DE9C1387}\InprocServer32]
@="C:\\WINDOWS\\system32\\tCpi.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{2A572CDA-2489-454C-A581-D0F5B9F9C292}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{2A572CDA-2489-454C-A581-D0F5B9F9C292}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{2A572CDA-2489-454C-A581-D0F5B9F9C292}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{2A572CDA-2489-454C-A581-D0F5B9F9C292}\InprocServer32]
@="C:\\WINDOWS\\system32\\dcrgres.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{BD014AE9-79A8-4D68-B635-9642433DAA31}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{BD014AE9-79A8-4D68-B635-9642433DAA31}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{BD014AE9-79A8-4D68-B635-9642433DAA31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{BD014AE9-79A8-4D68-B635-9642433DAA31}\InprocServer32]
@="C:\\WINDOWS\\system32\\ajsmsext.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{71B1C00B-8C20-4AC5-9813-B0B293ACA2D9}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{71B1C00B-8C20-4AC5-9813-B0B293ACA2D9}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{71B1C00B-8C20-4AC5-9813-B0B293ACA2D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{71B1C00B-8C20-4AC5-9813-B0B293ACA2D9}\InprocServer32]
@="C:\\WINDOWS\\system32\\uxrv42a.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{0706798C-9923-47A6-8FAD-954F81864803}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{0706798C-9923-47A6-8FAD-954F81864803}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{0706798C-9923-47A6-8FAD-954F81864803}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{0706798C-9923-47A6-8FAD-954F81864803}\InprocServer32]
@="C:\\WINDOWS\\system32\\kudycl.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{9FB1347A-0D64-465A-B5C8-527534259B71}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{9FB1347A-0D64-465A-B5C8-527534259B71}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{9FB1347A-0D64-465A-B5C8-527534259B71}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{9FB1347A-0D64-465A-B5C8-527534259B71}\InprocServer32]
@="C:\\WINDOWS\\system32\\apthz.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{60E4AA9A-735D-43A6-A539-AE5DC8AB3621}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{60E4AA9A-735D-43A6-A539-AE5DC8AB3621}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{60E4AA9A-735D-43A6-A539-AE5DC8AB3621}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{60E4AA9A-735D-43A6-A539-AE5DC8AB3621}\InprocServer32]
@="C:\\WINDOWS\\system32\\rCsmans.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{DB66F3A4-FF74-4177-833D-1FA3806F5789}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DB66F3A4-FF74-4177-833D-1FA3806F5789}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DB66F3A4-FF74-4177-833D-1FA3806F5789}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DB66F3A4-FF74-4177-833D-1FA3806F5789}\InprocServer32]
@="C:\\WINDOWS\\system32\\rdmps.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{8CF0CF58-DECD-47DC-9741-ED1721E89E1C}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{8CF0CF58-DECD-47DC-9741-ED1721E89E1C}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{8CF0CF58-DECD-47DC-9741-ED1721E89E1C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{8CF0CF58-DECD-47DC-9741-ED1721E89E1C}\InprocServer32]
@="C:\\WINDOWS\\system32\\spcurity.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{C9110B1B-E66A-481D-8EF4-4358F97E94BD}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{C9110B1B-E66A-481D-8EF4-4358F97E94BD}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{C9110B1B-E66A-481D-8EF4-4358F97E94BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{C9110B1B-E66A-481D-8EF4-4358F97E94BD}\InprocServer32]
@="C:\\WINDOWS\\system32\\ifhlpapi.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{19496AC6-EF89-42C7-9BCC-2FE5EB238EE5}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{19496AC6-EF89-42C7-9BCC-2FE5EB238EE5}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{19496AC6-EF89-42C7-9BCC-2FE5EB238EE5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{19496AC6-EF89-42C7-9BCC-2FE5EB238EE5}\InprocServer32]
@="C:\\WINDOWS\\system32\\lpcdll.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{52DD4204-6651-4C74-956A-771D8D13CE7F}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{52DD4204-6651-4C74-956A-771D8D13CE7F}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{52DD4204-6651-4C74-956A-771D8D13CE7F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{52DD4204-6651-4C74-956A-771D8D13CE7F}\InprocServer32]
@="C:\\WINDOWS\\system32\\mXpi32.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1F36DD07-0080-4B0D-914D-C5E2F5667109}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1F36DD07-0080-4B0D-914D-C5E2F5667109}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1F36DD07-0080-4B0D-914D-C5E2F5667109}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1F36DD07-0080-4B0D-914D-C5E2F5667109}\InprocServer32]
@="C:\\WINDOWS\\system32\\nptapi32.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1335A957-D769-4522-9C96-0B24AA124E0C}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1335A957-D769-4522-9C96-0B24AA124E0C}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1335A957-D769-4522-9C96-0B24AA124E0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1335A957-D769-4522-9C96-0B24AA124E0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\nitman.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{E5B8255F-5E78-44A0-857F-CBA835275804}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{E5B8255F-5E78-44A0-857F-CBA835275804}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{E5B8255F-5E78-44A0-857F-CBA835275804}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{E5B8255F-5E78-44A0-857F-CBA835275804}\InprocServer32]
@="C:\\WINDOWS\\system32\\SLDOCVW.DLL"
"ThreadingModel"="Apartment"
 
**********************************************************************************
Files Found are not all bad files:
 
C:\WINDOWS\SYSTEM32\
   ajsmsext.dll   Tue 16 May 2006  13:58:44   ..S..        236 827   231,27 K
   apthz.dll      Wed 17 May 2006   0:19:52   ..S..        235 594   230,07 K
   asvapi32.dll   Mon 15 May 2006  23:13:48   ..S..        235 888   230,36 K
   cpumztxi.dll   Mon  8 May 2006  21:45:38   A....        139 264   136,00 K
   dcrgres.dll    Tue 16 May 2006  13:48:24   ..S.R        236 023   230,49 K
   gpj6l3~1.dll   Wed 17 May 2006   2:14:22   ..S.R        235 641   230,12 K
   gplql3~1.dll   Tue 16 May 2006  19:14:38   ..S.R        237 127   231,57 K
   ifhlpapi.dll   Wed 17 May 2006  14:50:34   ..S.R        236 842   231,29 K
   ilaapi.dll     Mon 15 May 2006  21:10:30   ..S..        235 888   230,36 K
   ir6ol5~1.dll   Wed 17 May 2006  20:20:00   ..S.R        233 686   228,21 K
   irr0l5~1.dll   Tue 16 May 2006  20:29:48   ..S.R        236 689   231,14 K
   kudycl.dll     Tue 16 May 2006  18:09:40   ..S..        234 139   228,65 K
   lpcdll.dll     Wed 17 May 2006  18:31:38   ..S.R        233 817   228,34 K
   mxpi32.dll     Wed 17 May 2006  18:38:06   ..S.R        236 842   231,29 K
   n6n60g~1.dll   Wed 17 May 2006  18:45:40   ..S.R        234 742   229,24 K
   nitman.dll     Wed 17 May 2006  18:52:00   ..S.R        233 686   228,21 K
   nlame.dll      Sat 18 Mar 2006   0:43:52   A....        110 080   107,50 K
   nptapi32.dll   Wed 17 May 2006  18:45:34   ..S.R        233 873   228,39 K
   nv4_disp.dll   Fri 17 Mar 2006   9:31:00   A....      3 974 656     3,79 M
   nvapi.dll      Fri 17 Mar 2006   9:31:00   A....         98 304    96,00 K
   nvcod.dll      Fri 17 Mar 2006   9:31:00   A....         35 840    35,00 K
   nvcodins.dll   Fri 17 Mar 2006   9:31:00   A....         35 840    35,00 K
   nvcpl.dll      Fri 17 Mar 2006   9:31:00   A....      7 561 216     7,21 M
   nvhwvid.dll    Fri 17 Mar 2006   9:31:00   A....        573 440   560,00 K
   nview.dll      Fri 17 Mar 2006   9:31:00   A....      1 466 368     1,40 M
   nvmccs.dll     Fri 17 Mar 2006   9:31:00   A....        229 376   224,00 K
   nvmccsrs.dll   Fri 17 Mar 2006   9:31:00   A....         45 056    44,00 K
   nvmctray.dll   Fri 17 Mar 2006   9:31:00   A....         86 016    84,00 K
   nvnt4cpl.dll   Fri 17 Mar 2006   9:31:00   A....        286 720   280,00 K
   nvoglnt.dll    Fri 17 Mar 2006   9:31:00   A....      5 419 008     5,17 M
   nvrsar.dll     Fri 17 Mar 2006   9:31:00   A....        327 680   320,00 K
   nvrscs.dll     Fri 17 Mar 2006   9:31:00   A....        245 760   240,00 K
   nvrsda.dll     Fri 17 Mar 2006   9:31:00   A....        249 856   244,00 K
   nvrsde.dll     Fri 17 Mar 2006   9:31:00   A....        274 432   268,00 K
   nvrsel.dll     Fri 17 Mar 2006   9:31:00   A....        278 528   272,00 K
   nvrseng.dll    Fri 17 Mar 2006   9:31:00   A....        245 760   240,00 K
   nvrses.dll     Fri 17 Mar 2006   9:31:00   A....        278 528   272,00 K
   nvrsesm.dll    Fri 17 Mar 2006   9:31:00   A....        270 336   264,00 K
   nvrsfi.dll     Fri 17 Mar 2006   9:31:00   A....        245 760   240,00 K
   nvrsfr.dll     Fri 17 Mar 2006   9:31:00   A....        282 624   276,00 K
   nvrshe.dll     Fri 17 Mar 2006   9:31:00   A....        323 584   316,00 K
   nvrshu.dll     Fri 17 Mar 2006   9:31:00   A....        258 048   252,00 K
   nvrsit.dll     Fri 17 Mar 2006   9:31:00   A....        278 528   272,00 K
   nvrsja.dll     Fri 17 Mar 2006   9:31:00   A....        266 240   260,00 K
   nvrsko.dll     Fri 17 Mar 2006   9:31:00   A....        258 048   252,00 K
   nvrsnl.dll     Fri 17 Mar 2006   9:31:00   A....        270 336   264,00 K
   nvrsno.dll     Fri 17 Mar 2006   9:31:00   A....        249 856   244,00 K
   nvrspl.dll     Fri 17 Mar 2006   9:31:00   A....        253 952   248,00 K
   nvrspt.dll     Fri 17 Mar 2006   9:31:00   A....        270 336   264,00 K
   nvrsptb.dll    Fri 17 Mar 2006   9:31:00   A....        266 240   260,00 K
   nvrsru.dll     Fri 17 Mar 2006   9:31:00   A....        266 240   260,00 K
   nvrssk.dll     Fri 17 Mar 2006   9:31:00   A....        253 952   248,00 K
   nvrssl.dll     Fri 17 Mar 2006   9:31:00   A....        253 952   248,00 K
   nvrssv.dll     Fri 17 Mar 2006   9:31:00   A....        249 856   244,00 K
   nvrstr.dll     Fri 17 Mar 2006   9:31:00   A....        253 952   248,00 K
   nvrszhc.dll    Fri 17 Mar 2006   9:31:00   A....        221 184   216,00 K
   nvrszht.dll    Fri 17 Mar 2006   9:31:00   A....        122 880   120,00 K
   nvshell.dll    Fri 17 Mar 2006   9:31:00   A....        466 944   456,00 K
   nvwddi.dll     Fri 17 Mar 2006   9:31:00   A....         81 920    80,00 K
   nvwdmcpl.dll   Fri 17 Mar 2006   9:31:00   A....      1 662 976     1,59 M
   nvwimg.dll     Fri 17 Mar 2006   9:31:00   A....      1 019 904   996,00 K
   nvwrsar.dll    Fri 17 Mar 2006   9:31:00   A....        282 624   276,00 K
   nvwrscs.dll    Fri 17 Mar 2006   9:31:00   A....        286 720   280,00 K
   nvwrsda.dll    Fri 17 Mar 2006   9:31:00   A....        294 912   288,00 K
   nvwrsde.dll    Fri 17 Mar 2006   9:31:00   A....        311 296   304,00 K
   nvwrsel.dll    Fri 17 Mar 2006   9:31:00   A....        335 872   328,00 K
   nvwrseng.dll   Fri 17 Mar 2006   9:31:00   A....        286 720   280,00 K
   nvwrses.dll    Fri 17 Mar 2006   9:31:00   A....        335 872   328,00 K
   nvwrsesm.dll   Fri 17 Mar 2006   9:31:00   A....        327 680   320,00 K
   nvwrsfi.dll    Fri 17 Mar 2006   9:31:00   A....        303 104   296,00 K
   nvwrsfr.dll    Fri 17 Mar 2006   9:31:00   A....        327 680   320,00 K
   nvwrshe.dll    Fri 17 Mar 2006   9:31:00   A....        278 528   272,00 K
   nvwrshu.dll    Fri 17 Mar 2006   9:31:00   A....        315 392   308,00 K
   nvwrsit.dll    Fri 17 Mar 2006   9:31:00   A....        323 584   316,00 K
   nvwrsja.dll    Fri 17 Mar 2006   9:31:00   A....        212 992   208,00 K
   nvwrsko.dll    Fri 17 Mar 2006   9:31:00   A....        196 608   192,00 K
   nvwrsnl.dll    Fri 17 Mar 2006   9:31:00   A....        319 488   312,00 K
   nvwrsno.dll    Fri 17 Mar 2006   9:31:00   A....        299 008   292,00 K
   nvwrspl.dll    Fri 17 Mar 2006   9:31:00   A....        294 912   288,00 K
   nvwrspt.dll    Fri 17 Mar 2006   9:31:00   A....        323 584   316,00 K
   nvwrsptb.dll   Fri 17 Mar 2006   9:31:00   A....        319 488   312,00 K
   nvwrsru.dll    Fri 17 Mar 2006   9:31:00   A....        315 392   308,00 K
   nvwrssk.dll    Fri 17 Mar 2006   9:31:00   A....        299 008   292,00 K
   nvwrssl.dll    Fri 17 Mar 2006   9:31:00   A....        303 104   296,00 K
   nvwrssv.dll    Fri 17 Mar 2006   9:31:00   A....        294 912   288,00 K
   nvwrstr.dll    Fri 17 Mar 2006   9:31:00   A....        303 104   296,00 K
   nvwrszhc.dll   Fri 17 Mar 2006   9:31:00   A....        163 840   160,00 K
   nvwrszht.dll   Fri 17 Mar 2006   9:31:00   A....        167 936   164,00 K
   q6nulg~1.dll   Wed 17 May 2006   4:17:10   ..S.R        234 226   228,73 K
   rcsmans.dll    Wed 17 May 2006   1:37:22   ..S.R        235 641   230,12 K
   rdmps.dll      Wed 17 May 2006   2:15:16   ..S..        236 671   231,12 K
   sldocvw.dll    Wed 17 May 2006  20:22:36   ..S.R        234 742   229,24 K
   sockspy.dll    Sat 13 May 2006   1:25:20   A....         73 728    72,00 K
   spcurity.dll   Wed 17 May 2006  14:41:04   ..S..        236 671   231,12 K
   tcpi.dll       Tue 16 May 2006  13:40:14   ..S..        234 256   228,77 K
   uxrv42a.dll    Tue 16 May 2006  16:21:52   ..S..        237 188   231,63 K
   x264vfw.dll    Wed 17 May 2006   4:40:36   A....        540 178   527,52 K
   xcomm.dll      Sat 13 May 2006   1:24:30   A....         77 824    76,00 K
 
98 items found:  98 files (23 H/S), 0 directories.
   Total of file sizes:  44 241 165 bytes     42,19 M
Locate .tmp files:
 
No matches found.
**********************************************************************************
Directory Listing of system files:
 Le volume dans le lecteur C n'a pas de nom.
 Le num‚ro de s‚rie du volume est 4CFE-8C4C
 
 R‚pertoire de C:\WINDOWS\System32
 
17/05/2006  20:22           234ÿ742 SLDOCVW.DLL
17/05/2006  20:19           233ÿ686 ir6ol5j31.dll
17/05/2006  18:51           233ÿ686 nitman.dll
17/05/2006  18:45           234ÿ742 n6n60g5se6.dll
17/05/2006  18:45           233ÿ873 nptapi32.dll
17/05/2006  18:38           236ÿ842 mXpi32.dll
17/05/2006  18:31           233ÿ817 lpcdll.dll
17/05/2006  14:50           236ÿ842 ifhlpapi.dll
17/05/2006  14:41           236ÿ671 spcurity.dll
17/05/2006  04:17           234ÿ226 q6nulg5916.dll
17/05/2006  02:15           236ÿ671 rdmps.dll
17/05/2006  02:14           235ÿ641 gpj6l31s1.dll
17/05/2006  01:37           235ÿ641 rCsmans.dll
17/05/2006  00:19           235ÿ594 apthz.dll
16/05/2006  20:29           236ÿ689 irr0l59m1.dll
16/05/2006  19:14           237ÿ127 gplql3351.dll
16/05/2006  18:09           234ÿ139 kudycl.dll
16/05/2006  16:21           237ÿ188 uxrv42a.dll
16/05/2006  13:58           236ÿ827 ajsmsext.dll
16/05/2006  13:48           236ÿ023 dcrgres.dll
16/05/2006  13:40           234ÿ256 tCpi.dll
15/05/2006  23:13           235ÿ888 asvapi32.dll
15/05/2006  21:10           235ÿ888 ilaapi.dll
13/05/2006  21:52    <REP>          dllcache
12/05/2006  16:53    <REP>          Microsoft
              23 fichier(s)        5ÿ416ÿ699 octets
               2 R‚p(s)  120ÿ320ÿ176ÿ128 octets libres
 
 
Log hijack:
 
Logfile of HijackThis v1.99.1
Scan saved at 20:34:36, on 17/05/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\SEB\Logiciels et programmes\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 86.64.145.145 84.103.237.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 86.64.145.145 84.103.237.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\n6n60g5se6.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
 
toujours là j'ai l'impression...tenace


Message édité par ptitbagz le 17-05-2006 à 20:44:19
Reply

Marsh Posté le 17-05-2006 à 20:37:40   

Reply

Marsh Posté le 17-05-2006 à 20:50:52    

Excellent... j'adore...   :)
 
1) En mode normal, relance le fix
2) Choisis l'option 2
----> Il redémarre TOUT SEUL
3) s'il ne le fait pas automatiquement, lance "second.bat"
4) Copie-colle ces lignes dans un fichier texte que tu enregistres en .reg :
 
Windows Registry Editor Version 5.00
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
"TISA"=""
 
5) Désactive / ré-active la restauration du système
6) Supprime le fichier "gard.tmp" (si encore présent)
7) Relance HijackThis et fixe les lignes 020 (si encore présentes)
8) Exécute Cleanup
9) Redémarre la machine et poste un nouveau rapport HijackThis...
 
:)

Reply

Marsh Posté le 19-05-2006 à 00:11:54    

re salut,
ravi que que ça te fasse kiffer, je te cache pas que j'aimerais autant qu'il vire au plus vite mais on au moins tu laches pas l'affaire...;)
- le fichier texte, je le met où ??
- je réactive la restauration dans la foulée ?
- le fichier gard, il est où ?


Message édité par ptitbagz le 19-05-2006 à 00:26:59
Reply

Marsh Posté le 19-05-2006 à 06:55:27    

Le fichier texte, une fois enregistré en .reg, tu l'exécute pour l'ajouter au registre...
 
Après, tu pourras réactiver la restauration du système...
 
Le fichier "guard.tmp" devrait se trouver dans le dossier %windir%/system32/
 
Bonne chance,

Reply

Marsh Posté le 19-05-2006 à 18:32:40    

Bon je crois que c'est bon, j'ai ptet mal effectué un truc car je me suis arrêté au fix et au clan up du fix, et il a fait tout un tas d'opérations que je me souvenais pas avoir avant (ou alors je confonds avec un autre...).
Tout ça pour dire qu'apparement, il est bien viré mais je te laisse le log hijack pour que tu me confirme, des fois que...
Merci pour le coup de main.
 
Logfile of HijackThis v1.99.1
Scan saved at 18:24:44, on 19/05/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\SEB\Logiciels et programmes\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
 


Message édité par ptitbagz le 19-05-2006 à 18:33:15
Reply

Marsh Posté le 19-05-2006 à 19:03:26    

Salut...
 
Plus de Look2Me, j'ai mis Testor à jour...   :)
 
Tu peux encore fixer cette ligne-ci :
 
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k  
 
Relancer Cleanup
 
et surtout...
 
mettre à jour ta configuration !
 
Au plaisir...   ;)

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed